From 01ccc2cc967935d4093ad3067e2b45bda80653a3 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Mon, 21 May 2018 14:24:06 +0800
Subject: security: prevent same passcode from being reused

Reported by @cezar97.
---
 models/user.go       |  5 +++++
 models/user_cache.go | 11 +++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 models/user_cache.go

(limited to 'models')

diff --git a/models/user.go b/models/user.go
index 831ba3f4..f53b48e7 100644
--- a/models/user.go
+++ b/models/user.go
@@ -120,6 +120,11 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	}
 }
 
+// IDStr returns string representation of user's ID.
+func (u *User) IDStr() string {
+	return com.ToStr(u.ID)
+}
+
 func (u *User) APIFormat() *api.User {
 	return &api.User{
 		ID:        u.ID,
diff --git a/models/user_cache.go b/models/user_cache.go
new file mode 100644
index 00000000..987c019a
--- /dev/null
+++ b/models/user_cache.go
@@ -0,0 +1,11 @@
+// Copyright 2018 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+// TwoFactorCacheKey returns key used for cache two factor passcode.
+// e.g. TwoFactor_1_012664
+func (u *User) TwoFactorCacheKey(passcode string) string {
+	return "TwoFactor_" + u.IDStr() + "_" + passcode
+}
-- 
cgit v1.2.3